Advisories » MGASA-2017-0171

Updated smb4k packages fix security vulnerability

Publication date: 14 Jun 2017
Modification date: 14 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-8849

Description

Smb4k contains a logic flaw in which mount helper binary does not properly
verify the mount command it is being asked to run. This allows calling any
other binary as root since the mount helper is typically installed as suid
(CVE-2017-8849).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20844
• https://www.kde.org/info/security/advisory-20170510-2.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8849

SRPMS

5/core

• smb4k-1.2.3-1.mga5